RE: [Phplib-users] New phpauth code
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
RE: [Phplib-users] New phpauth code
|
From: Layne W. <la...@if...> - 2002-05-06 22:33:14
|
> I've been promising this for a year, but it's undergone plenty of > refinement to make it worthwhile. > > You can download my new phpauth code at: > http://www.phpauth.com/ > > This is a replacement for the authentication functionality of phplib. > It only works with php4, and relies on php4's sessioning. It > works with > register_globals turned off, and requires that magic_quotes also be > turned off. It's nearly a drop-in replacement for phplib. Really? - You use a copy of PHPLib's db_mysql.inc from 1999 - what else is out of date? - You want me to use inline PHP and HTML. Why would I revert to ineligantly located, hard-to-update markup when I have discovered the one true religion of templates? - You ask me to learn a new API and change my handling of auth, perms and cart. > I am using this code on 5 production sites currently, so it > should work > fine. I use PHPLib on dozens of sites across half a dozen production servers; thousands of other sites use PHPLib as well. There is a difference between code that works and a library that can be used by thousands of developers to fit their distinct needs. I do not think that PHPLib is perfect, but it has fit the needs of many developers. > If you're looking at an easy upgrade path from phplib for > php4, this is > it. > > A few of the features that separate it from phplib: > > 1. uses php4 sessioning This appeared in PHPLib's development branch in 2000 and was moved into the production branch a few months ago. > 2. register_globals off (more secure) This has been fixed in PHPLib. > 3. form variables are passed through login/registration forms This is an easy modification and has been described on the PHPLib list a few times. > 4. auth class doesn't exist unless they are authenticated I'm not sure that I understand this. If the code to authenticate a user doesn't exist, how can they be authenticated? Do you mean instead that there is no auth object in memory? I have not thoroughly inspected your code, but what I have seen indicates that you have dismissed many of the design decisions followed in the PHPLib classes. Why? Over the past few years, I have found the experience of the PHPLib community to be quite valuable. I continue to discover flexibility in PHPLib that I did not expect and find new ways to use the codebase. It seems that your biggest problem with PHPLib is that the development of new features has not met your expectations. It hasn't met mine either (as a developer, that means that I haven't met my own expectations). However, by working on and with PHPLib, I am able to leverage countless hours of quality programming to shorten my production time and improve my bottom line. There are many factors that affect our decisions to work on any given project. If you are sure that working on the phpauth code is where your priorities are, then I wish you luck with it. If not, please consider contributing to PHPLib. Layne Weathers Ifworld Inc. |
